How to activate HSTS (HTTP Strict Transport Security) on your website

Modified on Wed, 17 Nov 2021 at 12:28 AM

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. 

It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone. HSTS is an IETF standards track protocol and is specified in RFC 6797. 

How to force SSL protocol on your website 

ou can activate HSTS or force https:// via existing SSL already installed on your website. Please make sure that you have valid SSL. If you don't, we offer free unlimited Lifetime SSLs with free installation!

HSTS activation via .htaccess file

Please find .htaccess file inside public_html folder. If you don't see it, please enable "show hidden files" inside cPanel File Manager. If you use regular FTP like Filezilla, file will be visible inside public_html folder. Please add following lines inside .htaccess:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

Then save .htaccess file. Test your website by going to http://yoursitehere. It will instantly redirect to secured Apache port or https://

If you need any assistance with HSTS activation or SSL installation, please don't hesitate to contact us at any time!

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article